Digital Conflict

By Kevin Coleman

Cyberattacks against U.S. critical infrastructure on the rise

The headlines are abuzz with information about a series of targeted distributed denial of service (DDoS) attacks on major financial institutions within the United States. The DDoS traffic was estimated at up to 20 times the normal traffic volume of those websites. A few cybersecurity professionals have proclaimed this as the biggest of its kind to hit the United States. The targeted attacks were focused on disrupting customers’ ability to electronically access the funds in their accounts. To that end, the attacks met their goals at least partially. The websites were slowed down, and in some cases were overloaded to the point where they were unavailable due to the malicious traffic.

Multiple sources have reportedly traced the cyberattack to an entity or entities in the Middle East. There are some public reports that Izz ad-Din al-Qassam, the military wing of Hamas and others have extended their attribution to Hamas with the assistance of Iran. Sen. Joe Lieberman (I-Conn.), chairman of the Senate Homeland Security Committee, was quoted by C-SPAN's Newsmakers program as saying, "I think this was done by Iran and the Quds Force (a special unit with fairly good cyber capabilities in the Iranian Army).

There have been claims these coordinated attacks were in response to the infamous anti-Islam video that sparked protests around the world. However, most sources believe that the cyberattacks were in response to crippling sanctions against Iran and or retaliation for the Stuxnet, Duqu and Flame cyberattacks on Iran that have been attributed to the United States and Israel. If it was in retaliation for the Stuxnet, Duqu and Flame cyberattacks it would go to substantiate the claims the U.S. government has an obligation to fund (at least a portion) of critical infrastructure asset protection for those owned by the private sector.

This is a clear indicator of the current state of aggression in the cyber domain, and everyone needs to get used to seeing these types of attacks. To that point, many businesses that derive a substantial part of their revenues from online services have begun to disclose the risk posed by cyberattacks in the regulatory filings as a caveat to their projected earnings.